Review & Remediate Kubernetes Node Vulnerability Recommendations

Implementation Effort: Medium
This task requires enabling vulnerability assessments, reviewing CVE findings, and coordinating with platform teams to upgrade node pool images or Kubernetes versions.

User Impact: Low
Only infrastructure and security teams are involved in reviewing and remediating vulnerabilities; end users are not affected.

Overview

Microsoft Defender for Containers provides vulnerability assessments for Kubernetes nodes by scanning the virtual machines (VMs) that host the nodes. These assessments identify OS-level and software vulnerabilities and generate actionable recommendations for remediation.

To review and remediate vulnerabilities:

• Navigate to Defender for Cloud > Recommendations.
• Select the recommendation: "AKS nodes should have vulnerability findings resolved".
• Review the list of CVEs under the Findings tab, which includes affected node pools and clusters.
• Select a CVE to view detailed information and impacted resources.
• Click Fix to begin remediation.

Remediation typically involves:

• Upgrading the node pool VM image to a newer version.
• Optionally, upgrading the Kubernetes cluster version if required.
• Enabling auto-upgrade for node pools and clusters to maintain security posture.

This process supports the Zero Trust principle of "Assume Breach" by ensuring that known vulnerabilities in the infrastructure layer are promptly identified and mitigated, reducing the attack surface.

Risks if not implemented: Unpatched Kubernetes nodes may expose the cluster to known exploits, increasing the risk of lateral movement, privilege escalation, or container escape attacks.

Reference

• Kubernetes Nodes Vulnerability Assessment - Microsoft Defender for Cloud
• View and remediate vulnerabilities for containers running on Kubernetes
• Reference table for all container security recommendations